The Security library provides various functions related to security, such as hashing, encryption, decryption and secure random string generation.
To install this package
$ composer require originphp/security
The default hashing algorithm used is sha256.
To hash a string (not a password)
use Origin\Security\Security;
$hashed = Security::hash('foo');
To hash a string with a pepper (also incorrectly known as salt).
$hashed = Security::hash('foo',['pepper'=>'A random string']);
To change the hashing type
$hashed = Security::hash('foo',['type'=>'sha1']);
For a full list of supported algorithms
$list = hash_algos();
The Security utility hashes passwords using best practices; currently this is bcrypt, which is considered very secure.
$hashed = Security::hashPassword('secret');
To verify the password is correct
$hashed = Security::hashPassword('secret');
$bool = Security::verifyPassword($input,$hashed); // $input is the password entered by the user
To encrypt and decrypt a string you will need a key. You can generate a secure random key.
use Origin\Security\Security;
$key = Security::generateKey(); // ESaCestIJvuAo3NUAtHAZG9DqmFJZtyx
The key length must be 32 bytes (256 bits) to use with the encryption and decryption functions.
To encrypt a string
use Origin\Security\Security;
$key = '33d80476167cc95c363bf7df3c95e1d1';
$encrypted = Security::encrypt('foo',$key);
To decrypt an encrypted string
use Origin\Security\Security;
$key = '33d80476167cc95c363bf7df3c95e1d1';
$encrypted = 'ohRRdAydx+4wfOd7Vm+LHmmV9zBH+3r0WLQylyPMPu2RvCjX9FVgoeUBZuLYBTLM4x9NeZX7U0bUvE1bucATSQ==';
$plain = Security::decrypt($encrypted,$key);
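A round trip that ties together the key generation, the 32-byte length requirement, and the encrypt and decrypt calls above, with the key read from the environment rather than written into the source. This is an added example, not taken from the library's documentation; the environment variable name APP_ENCRYPTION_KEY and the loadEncryptionKey() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the originphp/security documentation.
// Assumptions: the package is installed with Composer, and the key is held in an
// environment variable named APP_ENCRYPTION_KEY (a hypothetical name).
require __DIR__ . '/vendor/autoload.php';

use Origin\Security\Security;

/**
 * Read the encryption key from the environment and enforce the 32-byte length
 * that the encrypt and decrypt functions require.
 */
function loadEncryptionKey(string $envName = 'APP_ENCRYPTION_KEY'): string
{
    $key = getenv($envName);
    if ($key === false || $key === '') {
        throw new RuntimeException("{$envName} is not set");
    }
    if (strlen($key) !== 32) { // strlen() counts bytes, not characters
        throw new RuntimeException("{$envName} must be exactly 32 bytes");
    }
    return $key;
}

// One-time setup (constructed for this demo): generate a key and place it in the
// process environment. In a deployment the value comes from a secret store.
if (getenv('APP_ENCRYPTION_KEY') === false) {
    putenv('APP_ENCRYPTION_KEY=' . Security::generateKey());
}

$key = loadEncryptionKey();

// Encrypt and decrypt with the same key, then confirm the plaintext survived.
$encrypted = Security::encrypt('foo', $key);
$plain = Security::decrypt($encrypted, $key);

if ($plain !== 'foo') {
    throw new RuntimeException('Round trip failed');
}
echo "Round trip OK\n";
```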
To generate a cryptographically secure random hexadecimal string (the default length is 16). This is an alias for hex.
$randomString = Security::random(); // 5f31ecf661dabb04
You can generate secure random strings with different encodings.
$hex = Security::hex(); // gpgf67ezotl06wqs
$base36 = Security::base36(); // 13owqvwcgb426rvq
$base58 = Security::base58(); // SyqBFAtGfNxZkZMQ
$base62 = Security::base62(); // oc1eIfAHKWWt5zrO
$base64 = Security::base64(); // v3xsI6O+g6LsuY4+
// url safe
$base64 = Security::base64(16,true); // YPT9rp-i6jqXWCvA
If you need to generate a unique id and don't need to use a UUID, the UID method provides a more memory and disk space efficient way of working with unique ids.
If you are generating an API token or another form of string that a user might need to type in, then use Security::random or Security::uuid instead, since these use lower case characters.
To generate a cryptographically secure unique id (UID) using base62 with a default length of 16.
$uid = Security::uid(); // O64cjBxfz2JPhyCQ
The Security class can generate both version 4 and version 1 UUIDs.
To generate a random UUID (version 4)
$uid = Security::uuid(); // 38c67382-d3ab-4430-a27e-0c719813c09f
For a version 1 UUID, set macAddress to true; this will try to find the MAC address on Linux systems or generate a random one.
$uid = Security::uuid(['macAddress'=>true]); // ac337932-e4e5-11e9-928f-8bda39fe8887
You can also set the MAC address manually.
$uid = Security::uuid(['macAddress'=>'00:0a:95:9d:68:16']); // 769c6fa4-e4e5-11e9-b8d5-000a959d6816